Featured content

Serious data leaks are increasingly prevalent in the news. We mostly hear about the immediate impact of those leaks and the steps taken to fix them, but how much do we actually know about how companies find and prevent these leaks?

We’re excited to announce that, in an upcoming release, the Varonis Data Security Platform will bring data-centric audit and protection to Nasuni Enterprise File Services. Nasuni is a key Varonis partner in the growing market for hybrid cloud Network Attached Storage (NAS).

The media coverage of NotPetya has hidden what might have been a more significant attack: a brute force attack on the UK Parliament. While for many it was simply fertile ground for Twitter Brexit jokes, an attack like this that targets a significant government body is a reminder that brute force remains a common threat to be addressed.

As a blogger following data security laws and regulations, I’m occasionally rewarded with an “I told you this law would be important” moment. Earlier this month with the news that the FTC plans to update its dusty Gramm-Leach-Bliley Act regulations for data security. To refresh memories, GLBA covers data security and privacy practices of the US financial industry — banks, investment firms, mortgage lenders, financial advisors, consumer lenders, and more.

This article is part of the series "Koadic Post-Exploitation Rootkit". Check out the rest: Koadic: LoL Malware Meets Python-Based Command and Control (C2) Server, Part I Koadic: Pen Testing, Pivoting, & JavaScripting, Part II Koadic: Implants and Pen Testing Wisdom, Part III Koadic: Security Defense in the Age of LoL Malware, Part IV

Active Directory Domain Services (AD DS) are the core functions in Active Directory that manage users and computers and allow sysadmins to organize the data into logical hierarchies.

Major data breaches from the past few years are reminders that cybersecurity can’t remain an afterthought when it comes to budgeting priorities. The threat landscape is expanding and the likelihood of a cyber attack is high. Luckily, more companies are taking their strategy seriously since investments in cybersecurity budgets increased by 141 percent between 2010 and 2018.

Security analytics is the practice of analyzing raw security data to discover preemptive and actionable security measures to increase cybersecurity. It’s not necessarily a particular technique, but certainly involves aggregating data from many possible sources: event logs from operating systems, firewalls, routers, virus scanners,and more. And then combining or correlating them to produce a cleaner data set that can then be processed with appropriate algorithms.

Viruses and worms are often used interchangeably: there are a few key differences in how they work. Both viruses and worms are a type of malware: a worm is a type of virus.

Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much as stake, we wondered: are C-Suite executives aligned with their security and IT pros when it comes to cybersecurity?

Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). What that jargon means is that you can use one set of credentials to log into many different websites. It’s much simpler to manage one login per user than it is to manage separate logins to email, customer relationship management (CRM) software, Active Directory, etc.

A honeypot is a tool that acts as bait, luring an attacker into revealing themselves by presenting a seemingly tempting target. While advanced honeypots are designed to make it easier to detect and study the kinds of attacks hackers use in the wild, modern honeypots based on tracking URL’s have evolved to be so flexible and user-friendly that average people often use them to identify online scammers.